
Why do I have to have samaccountname=KBOX_USER on every Search Filter for LDAP user authentication setups?

I have put in the proper Base DN for an AD security group that I want to make read only admins.

When I use an LDAP browser I can see the resulting users with a search filter of (member=*).

However, when I put that into the Authentication screen and click Apply, it says KBOX_USER need to be part of Search Filter.

What does this mean?

I tried following the tip from kace.com on how to import a group but it did not work for me.

Example: For a specific group in Active Directory, you only want users in the Support Dept who are in the admin group to be able to log on and have admin rights in the K1000 appliance.

The User located in Active Directory is under support dept.kace.com

The Group in Active Directory is: admin.support.kace.com

To set up LDAP authentication for the admin profile in the K1000 appliance, the following parameters can be used:

1. Go to Settings -> Users Authentication -> Edit Mode -> Admin role

2. Search Base DN: cn=support dept,dc=kace, dc=com

The Search Base DN will identify the folder and subfolder to look into. It is a good practice to point to the location where the user is located.

3. Search Filter: (&(samaccountname=KBOX_USER)(memberOf=cn=admin,ou=support,dc=kace,dc=com))

The Search Filter identifies the properties of the account to search against.

For this specific setup, it would only allow users in the group: cn=admin,ou=support,dc=kace,dc=com to log on to the K1000 appliance and receive admin rights.


1 Comment
  • Think of KBOX_USER as a variable. When writing a script you can put in %computername% so that the script can read the machine name without you having to type it out for every machine you run it against.

    KBOX_USER is used in the same way, so when someone attempts to log into the KBOX, their name is put in place of the variable KBOX_USER. Then it checks against your AD to make sure that the samaccountname matches the person that is a member of the Admin group. If it is, they are allowed in with the Role you gave it. If not, then it goes to the next server in your setup or, if there isn't another server, they are blocked from getting into the KBOX. - nshah 10 years ago
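An added example, not part of the original thread and not the K1000's own code, sketching the substitution the comment describes: the login name replaces KBOX_USER in the filter from the tip, and a template without the placeholder is rejected because it cannot be tied to the person logging in. The RFC 4515 escaping step, the sample directory and all function names are assumptions; the small matcher only handles the AND-of-equality shape used in the tip.

```python
import re

PLACEHOLDER = "KBOX_USER"
# RFC 4515: these characters must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def build_filter(template: str, login: str) -> str:
    """Substitute the login name for KBOX_USER, escaped as a filter value."""
    if PLACEHOLDER not in template:
        # Without the placeholder the filter says nothing about who is logging in.
        raise ValueError("KBOX_USER needs to be part of the search filter")
    escaped = "".join(_ESCAPES.get(ch, ch) for ch in login)
    return template.replace(PLACEHOLDER, escaped)


def _unescape(value: str) -> str:
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def matches(entry: dict, ldap_filter: str) -> bool:
    """Evaluate an AND of equality clauses (the shape used in the tip) on one entry."""
    clauses = re.findall(r"\(([^=()&|!]+)=([^()]*)\)", ldap_filter)
    if not clauses:
        return False
    for attr, value in clauses:
        have = [v.lower() for v in entry.get(attr.lower(), [])]
        if _unescape(value).lower() not in have:
            return False
    return True


def authorized(directory: list, template: str, login: str) -> bool:
    # Exactly one entry must match both the login name and the group clause.
    ldap_filter = build_filter(template, login)
    return sum(matches(e, ldap_filter) for e in directory) == 1


# Constructed sample data; the group DN and filter are the ones from the tip.
ADMIN_GROUP = "cn=admin,ou=support,dc=kace,dc=com"
TEMPLATE = "(&(samaccountname=KBOX_USER)(memberOf=" + ADMIN_GROUP + "))"
DIRECTORY = [
    {"samaccountname": ["alice"], "memberof": [ADMIN_GROUP]},
    {"samaccountname": ["bob"], "memberof": ["cn=helpdesk,ou=support,dc=kace,dc=com"]},
]

if __name__ == "__main__":
    for name in ("alice", "bob", "*", "alice)(memberOf=*"):
        print(repr(name), "->", build_filter(TEMPLATE, name), authorized(DIRECTORY, TEMPLATE, name))
```

With the escaping in place, a login name containing filter metacharacters is compared as a literal string and matches no account.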
